Ignore service principal password resources from Terraform state management

[erikschlegel]

All Submissions:

---

• [YES] Have you followed the guidelines in our Contributing document?
• [YES] Have you added an explanation of what your changes do and why you'd like us to include them?
• [YES] I have updated the documentation accordingly.
• [NA] I have added tests to cover my changes.
• [YES] All new and existing tests passed.
• [YES/NO/NA] My code follows the code style of this project.
• [YES] I ran lint checks locally prior to submission.
• [YES] Have you checked to ensure there aren't other open Pull Requests for the same update/change?

What is the current behavior?

---

Currently, all azure resource(s) state changes related to the service principal password are managed through Terraform. This results in state changes being triggered for Terraform incremental builds as the password is randomly generated on each run. The impact is Terraform attempts to delete and recreate the password and KV secrets on each incremental deployment, regardless of template changes. Terraform should only be responsible for creating resources like the SP password and keyvault secrets when bootstrapping the initial azure environment.

Issue Number: #330

What is the new behavior?

---

Terraform resource types such as service prinipal passwords and keyvault secrets capturing sp passwords are ignored from state change lifecycles events via

lifecycle {
    ignore_changes = ["value"]
  }

Does this introduce a breaking change?

---

• [NO]

[erikschlegel]

@iphilpot all checks are passing and ready for review